Security

You land on a web page in mobile Safari and all of a sudden you're torn away and dumped into some game on the Apple Store.

We've gotten complaints about this — and experienced it ourselves — for what feels like a couple years. Something causes a web page, when opened, to immediately redirect you to the App Store, almost always to the listing for a popular game. Maybe the perpetrators are hoping you're so enticed by the game you download it even after being hijacked, so they'll get some revenue, direct or affiliate. But it deplorable and, even after a couple of years, it's unclear how and why it keeps happening.

These days, simple passwords aren't good enough to secure your data. Hackers are too good, and security systems flawed. Longer complicated passwords created by generators like 1Password and Safari's iCloud Keychain can help, but the best way to lock down your accounts is to add extra authentication options.

Apple announced the new MacBook with USB-C connector last Monday and already headlines are appearing linking it to known security issues, like BadUSB.

BadUSB is an attack that uses the way computers interface with the universal serial bus (USB) standard to try and load malware onto the machine. It's a longstanding issue with USB in general, and nothing specific to Apple or the MacBook's implementation of USB-C. Throwing Apple and a hot new product under the headline bus is a great way to get attention, but what's really going on?

That was a question posed by MarketWatch today. It's also an important question. Unfortunately, MarketWatch didn't treat the question that way. And that's a profound disservice to its readers.

The Apple Watch is, by Apple's own admission the most personal, most intimate device the company has ever released. It tracks health, it handles communications, it can control our homes, it can pay for our purchases. Security on the Apple Watch is something that's going to matter to everyone who uses it. The response to the sensational headline used by MarketWatch, is that they don't know. And the follow up is pure fear, uncertainty, and doubt. That's not only bad journalism, it's an actively harmful attack.

Passwords are weak and often cracked. Two-factor authentication, which uses your phone number to send a secondary code you have to enter, is much stronger.

I know first-hand how scary password hacks can be, but I still put off two-factor authentication for years — relying instead on a strong multi-digit 1Password-generated password — because it felt clunky and hard to set up. What if I lost access to my phone number because I was restoring my iPhone? What if I couldn't get network access for my two-factor code? Too much hassle, I thought.

Authy changed my opinion on two-factor authentication: The app makes it far less terrifying to deal with; it also lives on both my Mac and iOS devices, so I don't have to worry about losing access to my accounts while my phone is restoring.

Dropbox has become a valued repository for many people, yours truly included — folks keep writing, PDFs, photos, and more in the cloud-based storage service. As such, you almost definitely don't want it compromised by enterprising hackers or devious thieves.

Two-factor authentication can provide a strong barrier against such attacks by requiring that anyone who attempts to access your account have both your password and access to your mobile devices. Here's how to set it up.

If you use Facebook, chances are there's a whole host of personal and semi-private information you don't want anyone else getting ahold of. Never fear: You can protect your Facebook account from potential hacks with little trouble thanks to the company's two-factor authentication integration. Here's how you can set it up.